Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which NCC Group uncovered in the IP defragmentation algorithm implemented in U-Boot, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as